Re: [gb-users] Transpartent Proxying via a seperate box

[Chris Green]

Interesting way to do that.  On the plus side this could potentially 
allow the squid to see the originating IP, correct?  I will have to rig 
up a lab to give this a shot.  Anyone ever tried loading GB-Ware in a 
vmware?  ;)

Chris Green

David Brooks wrote:
Chris,

Simple answer is no not with the transparent proxy.

Ok, I have not tired this with a Squid proxy.  So saying this you can 
give the following a try.

The objective is to transparently redirect all http packets to another 
gateway.

Set up Policy based routing with the gateway being the Squid.

Gateway Failover
Enabled: no
Ping if Primary Down: no
Notification: yes
Gateway Sharing
Enabled: no
Policy Based Routing
Enabled: yes
Source Routing
Enabled: no
Gateways
Index Name    Route              Sharing Failover
1       Squid     172.16.1.1             No    No


Then an Outbound Policy

Description: Accept - Send All http request to Sea Monster
Type;  Accept
Priority :  notice
Interface: PROTECTED
Service: <HTTP>
  from <ANY_IP>
      to <ANY_IP>

Advanced  - Route: <Squid>

This would redirect all http packets to the squid proxy.

Ok, Good luck on Squid - it has to probably accept the packets and NAT 
them and send them back out.

You may need to set up a separate outbound policy for Squid IP to not 
be directed back to itself or a loop on the firewall.

Ok, I like I said before never done this before.  However, the 
firewall has the ability to re-direct using the Policy based routing.  
Once packets are redirected it is the Sea Monsters responsibility to 
handle them.

FYI - I used only http you could create groups of service groups to be 
used.

David



At 09:20 AM 8/24/2006, Chris Green wrote:
Is it possible through the use of transparent proxying to force all 
traffic through another box running Squid or similar?

Chris Green

------------------------------------------------------
To unsubscribe:           [EMAIL PROTECTED]
For additional commands:         [EMAIL PROTECTED]
Archive:  http://archives.gnatbox.com/gb-users/

------------------------------------------------------
To unsubscribe:           [EMAIL PROTECTED]
For additional commands:         [EMAIL PROTECTED]
Archive:  http://archives.gnatbox.com/gb-users/

------------------------------------------------------
To unsubscribe:           [EMAIL PROTECTED]
For additional commands:         [EMAIL PROTECTED]
Archive:  http://archives.gnatbox.com/gb-users/